
Can I prepare a MySQL statement on both sides of an equality?

Jaxel

Well-known member
#1
Code:
if (!$channel = $this->_getDb()->fetchRow("
    SELECT *
    FROM EWRcanal_channels
    WHERE ? = ?
", array($type, $data)))
{
    return false;
}
Is this code semantically possible?
 

digitalpoint

Well-known member
#2
Technically you should be able to... but not sure you could call out a column name (if that's what you are trying to do) with the first part since it's going to wrap it in quotes within the query.

It would end up being a query like:
Code:
SELECT *
FROM EWRcanal_channels
WHERE 'type' = 'someValue'
Maybe I'm not thinking of something, but pretty sure the query will always return no records if $type and $data are different, and will return all records if they are the same.
 

Luke F

Well-known member
#3
Check if $type is within an array of predetermined values for sanity and vs injection and then just stick it directly in the query string.

I'm assuming you want to treat $type as a column name and not a string, otherwise there'd be no purpose of doing the comparison in SQL.
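The two approaches discussed in this thread, side by side, as an added example that is not part of any poster's message. It uses PDO with an in-memory SQLite database in place of the add-on's `_getDb()` helper; the column names `channel_id`, `service` and `name` and the function `fetchChannelBy` are assumptions made for the illustration.

```php
<?php
// Constructed sample data; column names are assumptions, not the add-on's schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE EWRcanal_channels (channel_id INTEGER, service TEXT, name TEXT)");
$db->exec("INSERT INTO EWRcanal_channels VALUES (1, 'twitch', 'alpha'), (2, 'youtube', 'beta')");

// Approach from post #1: a placeholder on each side of the equality.
// Both values are bound as data, so the database compares two string
// literals and never looks at a column called "service".
$stmt = $db->prepare("SELECT * FROM EWRcanal_channels WHERE ? = ?");
$stmt->execute(array('service', 'twitch'));
echo "placeholder on both sides matched ", count($stmt->fetchAll()), " row(s)\n";

// Approach from post #3: validate the column name against a fixed list,
// then place it in the SQL text; only the value stays a bound parameter.
function fetchChannelBy(PDO $db, $type, $data)
{
    // Columns that callers are allowed to filter on (hypothetical names).
    $allowed = array('channel_id', 'service', 'name');

    // Strict comparison so only exact string matches pass.
    if (!in_array($type, $allowed, true)) {
        return false; // unknown column: refuse instead of interpolating it
    }

    // $type is now known to equal one of our own constants.
    $stmt = $db->prepare("SELECT * FROM EWRcanal_channels WHERE {$type} = ? LIMIT 1");
    $stmt->execute(array($data));

    // fetch() returns false when no row matches, like the original snippet.
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

var_dump(fetchChannelBy($db, 'service', 'twitch'));      // allowed column
var_dump(fetchChannelBy($db, 'not_a_column', 'twitch')); // rejected by the list
```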